IBM Security Server Protection for Windows, Proventia Network IDS, Proventia-G 1.1 and earlier, Proventia Network MFS, RealSecure Server Sensor, RealSecure Network, Proventia Desktop, Proventia Network IPS, Virtual Server Protection for Vmware, Proventia Server IPS for Linux technology:
This signature detects a duplicate SMB Negotiate response.
High
IBM Security Server Protection for Windows: 2.0.300.2480, IBM Security Server Protection for Windows: 2.1.14.2480, Proventia Network IDS: XPU 30.020, Proventia-G 1.1 and earlier: XPU 30.020, Proventia Network MFS: XPU 30.020, RealSecure Server Sensor: XPU 30.020, RealSecure Network: XPU 30.020, Proventia Desktop: 2480, Proventia Network IPS: XPU 30.020, Virtual Server Protection for Vmware: XPU 30.020, Proventia Server IPS for Linux technology: 30.020
Microsoft Windows Vista, Microsoft Windows Vista: x64, Microsoft Windows Vista: SP1, Microsoft Windows Vista: SP1 x64, Microsoft Windows Server 2008: Itanium, Microsoft Windows Server 2008: x32, Microsoft Windows Server 2008: x64, Microsoft Windows Vista: SP2 x64, Microsoft Windows Vista: SP2, Microsoft Windows Server 2008: SP2 x32, Microsoft Windows Server 2008: SP2 x64, Microsoft Windows 7: x64, Microsoft Windows 7: x32, Microsoft Windows Server 2008: R2 x64, Microsoft Windows Server 2008: R2 Itanium, Microsoft Windows Server 2008: SP2 Itanium
Unauthorized Access Attempt
Microsoft Windows could allow a remote attacker to execute arbitrary code on the system because the Server Message Block (SMB) client improperly handles malicious SMB responses. By sending a specially crafted SMB response, a remote attacker could exploit this vulnerability to execute arbitrary code on the system with system-level privileges or cause a denial of service.
Apply the appropriate patch for your system, as listed in the latest Microsoft Security Bulletin. See References.
— OR —
Use Microsoft Automatic Update if it is supported by your operating system. The original bulletin issued by Microsoft has been superseded.
Microsoft Security Bulletin MS10-006
Vulnerabilities in SMB Client Could Allow Remote Code Execution (978251)
http://www.microsoft.com/technet/security/bulletin/ms10-006.mspx
Microsoft Security Bulletin MS10-020
Vulnerabilities in SMB Client Could Allow Remote Code Execution (980232)
http://www.microsoft.com/technet/security/bulletin/ms10-020.mspx
Microsoft Security Bulletin MS11-019
Vulnerabilities in SMB Client Could Allow Remote Code Execution (2511455)
http://www.microsoft.com/technet/security/bulletin/ms11-019.mspx
Microsoft Security Bulletin MS11-043
Vulnerability in SMB Client Could Allow Remote Code Execution (2536276)
http://www.microsoft.com/technet/security/bulletin/ms11-043.mspx
ISS X-Force
Microsoft Windows Server Message Block client code execution
http://www.iss.net/security_center/static/55152.php
CVE
CVE-2010-0017
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0017